How to recover crypted home directory in Ubuntu
UPDATE: this topic is also covered in a better way at Dustin Kirkland’s blog
From some versions ago, Ubuntu provides the facility of setting up the home folder of his users as cyphered directories. This method secure all the documents of the user from any kind of attacks (once the user is not logged in) but what happens if something goes wrong and… you cannot boot the machine anymore? Well, the pc doesn’t recognize its user, you, and you are unable to get your data if you boot from an external hard drive or cd or usb. If you try to boot using an extern device like those, you will find your home directory empty. So… How do we recover data in this case?
If you try to mount your /home partition and try to recover your data you get this error:
root@ubuntu:/home/goshawk# ecryptfs-mount-private ERROR: Encrypted private directory is not setup properly
During my everyday use i have been in this kind of problems. Don’t ask me how and why, but i accidentally run a rm -fr /sbin so my system was unable to boot. To recover my cyphered data i did the following:
- Boot from cd or usb with a live version of Ubuntu
- Mount your home partition in /home
- Create an user with the same name as your broken system username (in my case goshawk) and run ecryptfs-mount-private like i did in the following console log.
root@ubuntu:/home/goshawk# adduser --no-create-home goshawk Adding user `goshawk' ... Adding new group `goshawk' (1000) ... Adding new user `goshawk' (1000) with group `goshawk' ... Not creating home directory `/home/goshawk'. Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully Changing the user information for goshawk Enter the new value, or press ENTER for the default Full Name : Room Number : Work Phone : Home Phone : Other : Is the information correct? [Y/n] y root@ubuntu:/home/goshawk# su goshawk keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private' goshawk@ubuntu:~$ ecryptfs-mount-private Enter your login passphrase: Inserted auth tok with sig [50a77c517a0463e0] into the user session keyring INFO: Your private directory has been mounted. INFO: To see this change in your current shell: cd /home/goshawk goshawk@ubuntu:~$ cd /home/goshawk/ goshawk@ubuntu:~$ ls Amule Music Aptana Studio Workspace n900 bin Piano.pdf Desktop Pictures DeusSito_2010_03_26.zip_[lZ4293] plecno2 Documents Public Downloads Random Exercises.pdf GrayHatPython.epub RegDid0809-509-CLSINFMi.pdf GrayHatPython.mobi specialistica poli GrayHatPython.pdf Templates Immagine 1.png TimeShift-20100327T003250.m2t Jocart.png Videos jupiter goshawk@ubuntu:~$
Et Voilà. As you can see i was finally able to run an ls and see all my data correctly there. Mission Accomplished. :)